Understanding PKI

June 23, 2003

By
Beth Cohen

Normally you obtain certificates by purchasing them from a CA. If you only need a few certificates, perhaps for a web server, this is certainly the preferred option. It is possible to become your own CA so you can issue your own certificates. If you want to deploy everyday-quality certificates for use inside your organization only, you need to determine the cost trade-off between this and buying the certificates. Generating certificates that are to be used or recognized by outsiders is another matter entirely. Don't even think about it unless you are a very large organization that can afford the cost of the expertise and operations, and you have a significant need to generate many strong-quality certificates.

PKI operation depends on protecting private keys. Sometimes keys are generated by a computer and stored in memory and on disk. This is acceptable for everyday security. However, it is possible for someone to break into the computer--perhaps in person, perhaps over a network--and retrieve the private key. As a result, very sensitive information or resources need greater protection. Specialized hardware peripheral devices can provide stronger security by generating keys, signing, and decrypting information, so the private key never leaves the device. Protecting the key then becomes a matter of protecting the device from unauthorized use. It may be carried by its owner, locked up, password protected, etc.

Most enterprises use PKI even without having their own certificates or keys. If you have ever received a message from your web browser about an invalid certificate, that was PKI in action. Many Virtual Private Networks (VPNs) use PKI for their security protocol.

SSL (Secure Socket Layer) can use PKI to authenticate the identity of a website. When you are making a purchase over the Internet, you want to be sure that the merchant really is who it says it is. The merchant's site certificate is the proof.

An alternative to SSL, S-HTTP (Secure HTTP), is another Internet protocol that uses PKI. As its name implies, S-HTTP is an extension to the Hypertext Transfer Protocol (HTTP), the protocol used by web browsers and servers. S-HTTP allows the client to send a certificate to authenticate the user, while in SSL only the server can be authenticated. S-HTTP is more likely to be used in large financial transactions and other situations where the server requires authentication from the user that is more secure than a user ID and password.

There are some widely-used applications that do require you to have a certificate and/or keys. One common application of PKI is to sign email. Another is if you own or use a website that requires you to supply a certificate to allow others to authenticate your website or client.

The ability to sign email is available on many popular email systems. For example, KMail includes the use of X.509 certificates to sign and encrypt email. X.509 is a widely implemented international standard. KMail stores certificates you have installed or received from others. Once you get and install your certificate, you can sign email and include your certificate to authenticate that you are the author. Conversely, when you receive a certificate from someone else, KMail can store their public key. Then you can encrypt email to that person, assuring privacy.

You don't have to rely on KMail or certificate authorities to use PKI with email. PGP (Pretty Good Privacy) is a technology for PKI-based security that was originally developed at MIT and has since been commercialized and standardized by the IETF. PGP lets you sign and encrypt information without relying on CAs for certificates. You can add this capability by downloading open-source and free software PGP tools or purchasing PGP software for propriatary email systems from Microsoft, Qualcomm (Eudora), Apple, Lotus, and Novell. PGP will interoperate with X.509.